Change Healthcare Faces Double Extortion from New Ransomware Group
In a shocking twist to an already dire situation, Change Healthcare, a prominent healthcare technology company, is now facing a second ransomware attack from a different group called RansomHub. This comes after months of dealing with the fallout from an initial attack by the AlphV ransomware group, which allegedly resulted in Change Healthcare paying a $22 million ransom.
RansomHub Claims to Hold 4 Terabytes of Stolen Data
RansomHub, a relatively new player in the ransomware landscape, has announced on its dark-web site that it possesses 4 terabytes of Change Healthcare’s stolen data. The group has threatened to sell this sensitive information to the highest bidder if Change Healthcare fails to pay an undisclosed ransom amount. While initially hesitant to provide proof, RansomHub later shared screenshots with WIRED that appeared to show patient records and a data-sharing contract between United Healthcare, Change Healthcare’s parent company, and Emdeon, which acquired Change Healthcare in 2014.
Experts Weigh In on the Authenticity of RansomHub’s Claims
Although WIRED could not fully verify RansomHub’s claims, security experts believe there may be some truth to the group’s assertions. Brett Callow, a ransomware analyst at Emsisoft, notes that AlphV did not originally publish any data from the incident, making the origin of RansomHub’s data unclear. However, he sees no indication that the data is not authentic. Similarly, Jon DiMaggio, chief security strategist at Analyst1, believes RansomHub is telling the truth after reviewing the information sent to WIRED, and he warns that the group is quickly gaining momentum.
The Dangers of Trusting Ransomware Groups
If RansomHub’s claims prove to be true, Change Healthcare’s ordeal serves as a cautionary tale about the risks of trusting ransomware groups to keep their promises, even after a ransom is paid. According to a post by a user named “notchy” on a Russian cybercriminal forum, AlphV allegedly pocketed the $22 million payment without sharing a commission with its “affiliate” hackers, who often penetrate victims’ networks on behalf of the ransomware group. RansomHub claims to be associated with notchy and states that AlphV performed an exit scam before the data deletion process could be completed.
We will delete the data. This data is a bomb for us. If we can’t get payment, we have no choice but to sell it. Of course, if we can reach an agreement, it will be better to delete the data and throw the bomb away.
The Impact on Healthcare Providers and Patients
The consequences of this double extortion attempt have been severe for both healthcare providers and patients. The American Medical Association (AMA) reports that serious disruptions continue to plague physician practices, with 80 percent of clinicians experiencing revenue loss and many resorting to personal finances to cover expenses. Some medical practitioners fear bankruptcy, while others struggle to manage pain care for cancer patients and face procedure delays.
Practices will close because of this incident, and patients will lose access to their physicians.
– Jesse M. Ehrenfeld, President of the AMA
As Change Healthcare grapples with this unprecedented situation, the healthcare industry as a whole must confront the growing threat of ransomware attacks and the devastating impact they can have on providers and patients alike.
4 Comments
Again? Maybe it’s time Change Healthcare reevaluates their cybersecurity strategies!
Lightning really does strike twice, huh? Perhaps Change Healthcare needs a cybersecurity overhaul, stat.
Deja vu for Change Healthcare, or just bad luck with cyber threats? Time to double down on digital defense measures!
Zara Rodriguez: Twice in a row? Sounds like Change Healthcare’s digital armor needs some serious upgrades.